
CVE-2019-3694 – Local privilege escalation from munin to root in the packaging of munin
https://notcve.org/view.php?id=CVE-2019-3694
24 Jan 2020 — A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1155078 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2017-6188 – Ubuntu Security Notice USN-3215-1
https://notcve.org/view.php?id=CVE-2017-6188
22 Feb 2017 — Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. It was discovered that Munin incorrectly handled CGI graphs... • http://www.securityfocus.com/bid/96399 • CWE-20: Improper Input Validation •

CVE-2013-6048 – Ubuntu Security Notice USN-2090-1
https://notcve.org/view.php?id=CVE-2013-6048
10 Dec 2013 — The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data. Christoph Biedl discovered th... • http://www.debian.org/security/2013/dsa-2815 • CWE-20: Improper Input Validation •

CVE-2013-6359 – Ubuntu Security Notice USN-2090-1
https://notcve.org/view.php?id=CVE-2013-6359
10 Dec 2013 — Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. Christoph Biedl discovered that Munin incorrectly handled certain multigr... • http://munin-monitoring.org/ticket/1397 • CWE-20: Improper Input Validation •

CVE-2012-3512 – Gentoo Linux Security Advisory 201405-17
https://notcve.org/view.php?id=CVE-2012-3512
21 Nov 2012 — Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2012-3513 – Gentoo Linux Security Advisory 201405-17
https://notcve.org/view.php?id=CVE-2012-3513
21 Nov 2012 — munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. Multiple vulnerabilities have been discovered in Munin which may lead to symlink attacks, f... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2012-2103 – Gentoo Linux Security Advisory 201405-17
https://notcve.org/view.php?id=CVE-2012-2103
26 Aug 2012 — The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Multiple vulnerabilities have been discovered in Munin which may lead to symlink attacks, file creation, or bypass of security restrictions. Versions less than 2.0.8-r2 are affe... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2012-2104 – Munin 2.0~rc4-1 - Remote Command Injection
https://notcve.org/view.php?id=CVE-2012-2104
26 Aug 2012 — cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request. • https://www.exploit-db.com/exploits/37084 • CWE-20: Improper Input Validation •